I needed to remove an IP address from the "jail" it was placed in by fail2ban, which is intrusion prevention sotware, due to an incorrect password being entered too many times by a legitimate user of the system during attempts to log into a CentOS Linux system that runs fail2ban. The attempted logins were made via Secure Shell (SSH). After the number of attempts with an incorrect password reached the cutoff for fail2ban to automatically ban the IP address from which the login attempts were originating, the user then got the following error message on subsequent login attempts:
$ ssh jdoe@example.com ssh: connect to host example.com port 22: Connection refused $
The fail2ban log on the system is at /var/log/fail2ban.log.
You can check that log to see which IP addresses were banned and the time any
bans went into effect. So I first verified the IP address from which
the login attempts were made.
# tail -n 3 /var/log/fail2ban.log 2017-07-13 21:59:06,304 fail2ban.filter [1664]: INFO [sshd] Found 192.168.1.21 2017-07-13 21:59:06,818 fail2ban.actions [1664]: NOTICE [sshd] Ban 192.168.1.21 2017-07-13 21:59:11,538 fail2ban.filter [1664]: INFO [sshd] Found 192.168.1.21 #
You can determine the name for the jail and IP address is in by issuing
the command fail2ban-client status.
[ More Info ]
